Summary | ZeroBOX

3344.exe

UPX PE64 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Dec. 19, 2024, 8:43 a.m.
Completed: Dec. 19, 2024, 8:46 a.m.
Size 149.2KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c2fd049f5e4af19811db14b28e1d9bdc
SHA256 a908193949c9b3f45f3b409d4b28949014ae27e9bb1e962fd5e65ebbc97fb89e
CRC32 7777DAE5
ssdeep 3072:6Pm7brhtbDKROb953j/wmIIrXt8i8NI/FDjV/+1EdB/:6Pm7brhVWa953j/bIwXt8xEjV/+1EdB/
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
45.43.36.223 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call record (columns: Time & API | Arguments | Status | Return | Repeated)

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x7706a404
0x3f01fe
0x7fffffdc250
0x203f708
0x203f740
0x3f01fe
0x70 (repeated 58 times)

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x7706a404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 4129278
registers.rbx: 0
registers.rsp: 33815544
registers.r11: 514
registers.r8: 33814280
registers.r9: 33814336
registers.rdx: 8796092875344
registers.r12: 33815968
registers.rbp: 4128778
registers.rdi: 112
registers.rax: 1996923908
registers.r13: 33815976
Status: 1 Return: 0 Repeated: 0
API call record (columns: Time & API | Arguments | Status | Return | Repeated)

NtProtectVirtualMemory

process_identifier: 1700
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00000000003f0000
process_handle: 0xffffffffffffffff
Status: 1 Return: 0 Repeated: 0
host 45.43.36.223
Process injection Process 1700 manipulating memory of non-child process 1700
API call record (columns: Time & API | Arguments | Status | Return | Repeated)

NtAllocateVirtualMemory

process_identifier: 1700
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
base_address: 0x00000000003f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0x0000000000000050
Status: 1 Return: 0 Repeated: 0
Process injection Process 1700 injected into non-child 1700
API call record (columns: Time & API | Arguments | Status | Return | Repeated)

WriteProcessMemory

buffer: üHƒäðèÌAQAPRQVH1ÒeH‹R`H‹RH‹R H·JJM1ÉH‹rPH1À¬<a|, AÁÉ AÁâíRAQH‹R ‹B<HÐfx …r‹€ˆH…ÀtgHÐD‹@ IЋHPãVM1ÉHÿÉA‹4ˆHÖH1ÀAÁÉ ¬AÁ8àuñLL$E9ÑuØXD‹@$IÐfA‹ HD‹@IÐA‹ˆHÐAXAX^YZAXAYAZHƒì ARÿàXAYZH‹éKÿÿÿ]I¾ws2_32AVI‰æHì I‰åI¼ -+$ßATI‰äL‰ñAºLw&ÿÕL‰êhYAº)€kÿÕj A^PPM1ÉM1ÀHÿÀH‰ÂHÿÀH‰ÁAºêßàÿÕH‰ÇjAXL‰âH‰ùAº™¥taÿՅÀt IÿÎuåè“HƒìH‰âM1ÉjAXH‰ùAºÙÈ_ÿՃø~UHƒÄ ^‰öj@AYhAXH‰òH1ÉAºX¤SåÿÕH‰ÃI‰ÇM1ÉI‰ðH‰ÚH‰ùAºÙÈ_ÿՃø}(XAWYh@AXjZAº /0ÿÕWYAºunMaÿÕIÿÎé<ÿÿÿHÃH)ÆH…öu´AÿçXjYIÇÂðµ¢VÿÕ
base_address: 0x00000000003f0000
process_identifier: 1700
process_handle: 0x0000000000000050
Status: 1 Return: 1 Repeated: 0

Antivirus detections (Vendor / Result)
Bkav W32.Common.1915AF70
Lionic Trojan.Win32.Meterpreter.4!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Ghanarava.17345584961d9bdc
Skyhigh Artemis!Trojan
ALYac Trojan.Generic.37169049
Cylance Unsafe
VIPRE Trojan.Generic.37169049
Sangfor Trojan.Win64.Inject.V8m0
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.Generic.37169049
K7GW Trojan ( 005b24a01 )
K7AntiVirus Trojan ( 005b24a01 )
Arcabit Trojan.Generic.D2372799
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Inject.AQ
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win64/Inject.aa368d0f
NANO-Antivirus Trojan.Win64.Meterpreter.kubrks
MicroWorld-eScan Trojan.Generic.37169049
Rising Trojan.Inject!8.103 (TFE:5:baL3ryrDOYN)
Emsisoft Trojan.Generic.37169049 (B)
F-Secure Trojan.TR/Inject.nutfd
DrWeb BackDoor.Meterpreter.240
Zillya Trojan.Inject.Win64.664
TrendMicro Backdoor.Win64.SWRORT.YXELKZ
McAfeeD ti!A908193949C9
CTX exe.trojan.inject
Sophos Mal/Generic-S
FireEye Trojan.Generic.37169049
Google Detected
Avira TR/Inject.nutfd
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Trojan.Generic.a
Microsoft Trojan:Win64/Meterpreter!rfn
ViRobot Trojan.Win.Z.Inject.152748
GData Trojan.Generic.37169049
Varist W64/ABTrojan.TQSS-8800
AhnLab-V3 Trojan/Win.MalwareX-gen.C5701059
McAfee Artemis!C2FD049F5E4A
DeepInstinct MALICIOUS
VBA32 Trojan.Meterpreter
Malwarebytes Malware.AI.3756828286
Ikarus Trojan.Win64.Inject
Panda Trj/Chgt.AD
TrendMicro-HouseCall Backdoor.Win64.SWRORT.YXELKZ
Tencent Win32.Trojan.Generic.Lflw

Dead hosts
dead_host 192.168.56.103:49162
dead_host 45.43.36.223:3344